System running extremely slow

SlimXero

Posted 02 February 2008 - 02:05 AM

My sister screwed up my mom's computer (I don't live at home) and she called me to fix it. Ran Spybot S&D and it removed 30+ items, ran CCleaner, it cleared 130 megs of crap, and ran the registry cleaner included with CCleaner and fixed the 20+ items it found. AdAware would not update, thinking it has something to do with this. HiJackThis log follows:

Starting to scan the registry.
The registry was scanned ( '17' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Internet Explorer\qufatym.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] A backup was created as '480aa5b7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP334\A0098380.dll
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[INFO] A backup was created as '47d4a744.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP334\A0098407.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] A backup was created as '47d4a745.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP334\A0098417.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
[INFO] A backup was created as '47d4a748.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP334\A0098418.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.buy
[INFO] A backup was created as '464be959.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP335\A0100478.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47d5a74d.qua'!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP335\A0100486.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47d5a74e.qua'!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP335\A0100518.DLL
[DETECTION] Contains detection pattern of the Turbo-Kukac virus
[INFO] A backup was created as '47d5a74f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP335\A0100544.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] A backup was created as '47d5a751.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP336\A0101610.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] A backup was created as '47d5a757.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP336\A0102609.dll
[DETECTION] Is the Trojan horse TR/BHO.AB.6
[INFO] A backup was created as '464591a8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\b104.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.buy
[INFO] A backup was created as '47d4a75c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\b138.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
[INFO] A backup was created as '47d7a75d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\mrofinu572.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] A backup was created as '4813a79f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\tk58.exe
[DETECTION] Is the Trojan horse TR/BHO.AB.4
[INFO] A backup was created as '47d9a799.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\SnVsaWUgWW91bmdibG9vZA\command.exe
[DETECTION] Is the Trojan horse TR/Spy.Banbra.df.199
[INFO] A backup was created as '4811a965.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\deb3\tewdrives22.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] A backup was created as '481ba9a5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\usbserr.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\nip4\hoftidndll3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1
[INFO] A backup was created as '480aa9de.qua' ( QUARANTINE )
[INFO] The file was deleted!
Begin scan in 'D:\'

End of the scan: Saturday, February 02, 2008 11:35
Used time: 32:17 min

SlimXero

Posted 02 February 2008 - 05:14 PM

New HiJackThis Log. I'm still having issues with IE popping up randomly. I pasted in a custom hosts file so 99.9% of the time there's nothing in the popup except an error page, but it's annoying nonetheless.